TANK used a DARPA-funded cognitive networking platform to demonstrate practical
techniques for scalable mobile computing and also for practical distributed policy
enforcement. Both results suggest new underpinnings for important DoD network
environments such as ad-hoc tactical networks or multi-force battlefield networks.

The Trust Architecture for Network Knowledge (TANK) at the University of
Pennsylvania demonstrated the value of trust management techniques in scalable mobile
networking. We showed that a mobility solution can strictly outperform Mobile IP
without sacrificing legacy interoperability. We also developed a novel system for
detecting policy violations. Both of these new techniques are applicable to DoD
networking, in one case in offering new flexibility to war fighters using mobile ad-hoc
networks, and in another case showing new techniques for detecting compromised nodes
in networks under heterogeneous control.

The core of TANK is a highly adaptive cognitive networking platform, DHARMA
(Distributed Home Agent for Robust Mobile Access). DHARMA effectively and
seamlessly circumvents the problem that intermittent connectivity and mobility pose
for TCP applications, an increasingly important issue in mobile/wireless computing.
Connectivity loss has received little attention because many major applications are not
bothered by intermittent connectivity (e.g., Web browsing and email handling).

Inefficient routing in Mobile IP has been studied extensively, but DHARMA makes
novel use of an overlay network to distribute Mobile IP home agent functionality to a
collection of nodes. In particular, DHARMA selects a location-optimized instance from
a distributed set of home agents to minimize routing overheads, and provides session
support that overcomes both transitions between home agent instances and intermittent
connectivity. Unlike Mobile IP and other network-layer mobility schemes, cross-layer
information sharing between the session layer and the overlay network is used to exploit
multiple (wireless) links when available.

We implemented DHARMA atop the PlanetLab testbed. Our results show that the
routing performance of DHARMA is strictly better than best-case Mobile IP, and does
not depend on continued bandwidth to a “home” network for mobile nodes. DHARMA’s
routing performance improves with the number of proxies. In the PlanetLab
environment, with 10% proxy density, DHARMA’s routing overhead is 50% compared
to standard TCP, while Mobile IP is 75% for triangular routing and 150% for
bidirectional tunneling. With 100% proxy density, the routing overhead is reduced
to 25%.

These results suggest a practical architecture for tactical networks, in which nodes obtain
continued connectivity by exploiting highly varied network conditions without disturbing
long-running applications (e.g., streaming multimedia).

A second aspect of TANK concerns evaluating the trustworthiness of nodes in large-scale
networks, especially ad-hoc and peer-to-peer (P2P) systems. Such systems increasingly
distribute control to the end users, who may exploit characteristics of the system design
to gain advantage; that is, they may engage in non-compliant behavior, more simply
called policy violations or even “cheating”. Policy violations lead to poor performance,
and can also indicate that a node has been compromised.

We also used network games as a testbed to study cheat detection in such networks; their
complex and flexible protocol set, coupled with their large user base, provides a practical
experimental environment that could be translated to other contexts. The researchers
have formalized system invariants so that they can be represented in the knowledge base
and allow accurate cheat detection. We showed that the invariants can be expressed in
temporal logic. Moreover, the in-memory runtime check increases the average response
time by only 0.21 milliseconds, which is unnoticeable to users. These results provide
encouraging early evidence that distributed on-the-fly cheat detection may be feasible in
practice in spite of the computation burden it places on peer nodes.
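
To make the idea of temporal-logic invariants checked in memory concrete, here is an added example (not TANK's code or invariants): a small runtime monitor that a peer could run over the game events it receives. The event format, the rules `MAX_SPEED` and `START_AMMO`, and the four invariants in the comments are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

MAX_SPEED = 10.0  # constructed rule: map units per second
START_AMMO = 3    # constructed rule: shots available per life

@dataclass
class PeerState:
    """Summary of one peer's past, enough to evaluate each invariant."""
    t: float = 0.0            # time of the last position report
    pos: tuple = (0.0, 0.0)
    ammo: int = START_AMMO
    alive: bool = True

@dataclass
class Monitor:
    peers: dict = field(default_factory=dict)
    violations: list = field(default_factory=list)

    def _flag(self, ev, rule):
        self.violations.append((ev["peer"], ev["t"], rule))

    def observe(self, ev):
        """Check one event against the invariants, then update the state."""
        s = self.peers.setdefault(ev["peer"], PeerState())
        kind, t = ev["type"], ev["t"]
        if kind in ("move", "fire") and not s.alive:
            self._flag(ev, "dead-actor")   # G((move | fire) -> alive)
        if kind == "move":   # G(move -> dist(pos, prev pos) <= MAX_SPEED * dt)
            dx, dy = ev["pos"][0] - s.pos[0], ev["pos"][1] - s.pos[1]
            if (dx * dx + dy * dy) ** 0.5 > MAX_SPEED * (t - s.t):
                self._flag(ev, "speed")
            s.pos, s.t = tuple(ev["pos"]), t
        elif kind == "fire":               # G(fire -> ammo > 0)
            if s.ammo <= 0:
                self._flag(ev, "ammo")
            s.ammo = max(s.ammo - 1, 0)
        elif kind == "death":
            s.alive = False
        elif kind == "respawn":            # G(respawn -> (not respawn) S death)
            if s.alive:
                self._flag(ev, "respawn")
            s.alive, s.ammo = True, START_AMMO

def check_trace(trace):
    """Run a fresh monitor over a list of events; return (peer, time, rule)."""
    m = Monitor()
    for ev in trace:
        m.observe(ev)
    return m.violations

# Constructed trace: "a" jumps too far, "b" overfires then respawns while alive.
TRACE = [
    {"peer": "a", "t": 1.0, "type": "move", "pos": (5.0, 0.0)},
    {"peer": "a", "t": 2.5, "type": "move", "pos": (45.0, 0.0)},
    *[{"peer": "b", "t": t, "type": "fire"} for t in (3.0, 3.1, 3.2, 3.3)],
    {"peer": "b", "t": 4.0, "type": "respawn"},
]
```

Each event costs a constant amount of work because the monitor keeps only a per-peer summary of the past rather than the full trace, which is what keeps an on-the-fly check of this kind cheap.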

Distributed cheat detection is a promising approach in a variety of large-scale networks,
especially ad-hoc networks made up of easily compromised nodes or those under
heterogeneous control, such as multi-force battlefield networks.